Security
Get flash to fully experience Pearltrees
Taking Advantage Of Technology
The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, webmaster@i-hacked.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
Plug and Prey: Malicious USB Devices
This paper is meant as an overview of malicious USB devices. The paper will first lay out a proposed set of categories for malicious USB devices, how these categories function, how they differ, and how they can be used by an attacker. Next the paper will offer information on how these threats can be technically detected and mitigated, as well as human practices that can help alleviate the threats posed by malicious USB devices. While a fair amount of research has gone into blocking malicious software (viruses, worms, trojans, spyware, etc.), comparatively less time has been spent researching malicious hardware devices.Heap spraying - Wikipedia, the free encyclopedia
In computer security , heap spraying is a technique used in exploits to facilitate arbitrary code execution . The part of the source code of an exploit that implements this technique is called a heap spray . In general, code that sprays the heap attempts to put a certain sequence of bytes at a predetermined location in the memory of a target process by having it allocate (large) blocks on the process' heap and fill the bytes in these blocks with the right values. [ edit ] Operation A heap spray does not actually exploit any security issues but it can be used to make a security issue easier to exploit.
Tools
DOJOCON 2010 Videos First, thanks to Marcus Carey for inviting me out to DOJOCON. Be sure to check out the organizers http://www.dojocon.org/ and http://www.reversespace.com/ and donate to the cause if you like the event. Below are the videos from the conference, at least the ones I can show :), enjoy. Index:
DOJOCON 2010 Videos
Article
Sorry, we can't find the content you're looking for at this URL. Please try selecting a menu item from above or to the side of this message to get where you'd like to go.
This Metasploit module exploits a vulnerability found in Dolibarr ERP/CRM's backup feature. This software is used to manage a company's business information such as contacts, invoices, orders, stocks, agenda, etc. When processing a database backup request, the export.php function does not check the input given to the sql_compat parameter, which allows a remote authenticated attacker to inject system commands into it, and then gain arbitrary code execution.
Packet Storm ≈ Full Disclosure Information Security
Introduction It’s been a while since we’ve mentioned this course, of course since we mentioned it back in May 2010 – eLearnSecurity – Online Penetration Testing Training – eLearnSecurity has been making continuous improvements to the course-ware and the subject matter. The crew over at eLearnSecurity has drastically improved the overall course material, and if you are familiar with the first iteration you can see they’ve put a lot of effort into it. Whats New With v2 There’s a lot of new stuff 4 hours of new up to date videos, 800 new slides and even completely new modules – with a makeover on all material.
Darknet - The Darkside | Ethical Hacking, Penetration Testing & Computer Security
twentythreedotorg:index
Anaheim, CA . The LayerOne computer security conference is pleased to announce that we have released our first round of speakers in addition to opening pre-registration for the general public. LayerOne is currently in its 6th year of operation and this year is shaping up to be one of our best events to date. This year's LayerOne event will be held over Memorial Day weekend, May 23-24 2009, at the newly renovated Anaheim Marriott. Not only have we moved to a larger and more upscale venue, our attendees will also be happy to know that we are walking distance from Disneyland, Downtown Disney, as well as the newly opened Anaheim Garden Walk. In addition to all of this, the Anaheim Marriott has extended a special room rate of 99.00 per night.SAIC Opens Cyber Innovation Center in Maryland | Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
New Facility to Help Enable Development of Cybersecurity Solutions Science Applications International Corporation (SAIC) today announced the grand opening of its Cyber Innovation Center (CIC) along the I-95 corridor in Columbia, Maryland. The CIC includes a technical solutions lab and secured infrastructure intended to help SAIC develop and deliver cybersecurity solutions to customers. Other features of the center include a research and development, and training and conference spaces, as well as demonstration, prototyping and proposal solution support areas. The center will also create more demand for talented cybersecurity professionals in the area.
Attacks - Breaches | Dark Reading | Security | Protect The Business - Enable Access
Description: Stack-based buffer overflow in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control (Aventail.EPInstaller) before 10.5.2 and 10.0.5 hotfix 3 allows remote attackers to execute arbitrary code via long (1) CabURL and (2) Location arguments to the Install3rdPartyComponent method. Vulnerability: gvim Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file.
From time to time it’s good to take a break from all the ultra-low-level stuff, like e.g. chipset or TXT hacking, and do something simple, yet still important. Recently Alex Tereshkin and I got some spare time and we implemented the Evil Maid Attack against TrueCrypt system disk encryption in a form of a small bootable USB stick image that allows to perform the attack in an easy “plug-and-play” way. The whole infection process takes about 1 minute, and it’s well suited to be used by hotel maids.
Evil Maid goes after TrueCrypt!
Unspoofable Device Identity Using NAND Flash Memory | Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
In 1998, Intel announced the introduction of processor identities. Anti-fraud practitioners celebrated, security experts busied themselves thinking of the research implications, and privacy advocates were terrified. In the end, Intel cancelled the processor identity plans.PaX - Wikipedia, the free encyclopedia
PaX is a patch for the Linux kernel that implements least privilege protections for memory pages . The least-privilege approach allows computer programs to do only what they have to do in order to be able to execute properly, and nothing more. PaX was first released in 2000. PaX flags data memory as non-executable, program memory as non-writable and randomly arranges the program memory. This effectively prevents many security exploits , such as some kinds of buffer overflows . The former prevents direct code execution absolutely, while the latter makes so-called return-to-libc (ret2libc) attacks difficult to exploit, relying on luck to succeed, but doesn't prevent variables and pointers overwriting.An exploit , in video games , is the use of a bug or design flaw including glitches, rates, hit boxes, or speed, etc. by a player to their advantage in a manner not intended by the game's designers . [ 1 ] It is often colloquially abbreviated sploit . Exploits have been classified as a form of cheating ; however, the precise determination of what is or is not considered an exploit can be controversial. This debate stems from a number of factors but typically involves the argument that the issues are part of the game and require no changes or external programs to take advantage of them. [ 2 ]
Exploit (online gaming) - Wikipedia, the free encyclopedia
Encryption
Wireless